osm-search / Nominatim

Open Source search based on OpenStreetMap data
https://nominatim.org
GNU General Public License v3.0
3.15k stars, 715 forks

Security Issue #1772

Closed bladeswords closed 4 years ago

bladeswords commented 4 years ago

Hi,

I have a security issue I would like to report with Nominatim. How would you like for me to communicate the issue for resolution?

Thanks :)

mtmail commented 4 years ago

Is this about the servers installed at https://nominatim.openstreetmap.org/, the software in this repository or the website https://nominatim.org/?

For the servers https://operations.osmfoundation.org/, their mailing list is non-public and direct messaging via Twitter neither of course.

We haven't set up email on nominatim.org so I can also offer https://opencagedata.com/security.txt to send an encrypted email to, and I will coordinate the efforts.

bladeswords commented 4 years ago

Thanks @mtmail - to clarify it is for the software in this repository.

I will reach out to you using the supplied security.txt details.

FYI - there is also a feature to populate the GitHub 'Security' tab for the repo using a SECURITY.md file.

GitHub guide to adding security policy

and for a decent example SECURITY.md

lonvia commented 4 years ago

You can also mail security issues directly to nominatim@lonvia.de.